My goal in starting this channel is to develop short how-to videos to help leaders, engineers and administrators get the best of their investments in F5. F5 invests hundreds of millions of dollars in research and development each year to improve functionality, capabilities and ease of use. However, as a prior customer myself, I found it difficult to locate practical deployment guides around real-world use cases, which significantly limited my consumption of the product. I am hoping these short videos help with educating, ease deployments and excite you about using F5 technology.
If I want to limit the sessions from a particular website / URL / FQDN, how do I achieve this? In 14.0 and later versions we can add a source IP list; however, I would like to set this up using a website / URL / FQDN / DNS name.
If the connection limit on the VIP is configured to “0”, is it still based on the physical memory of LTM? The concurrent connections will share the physical memory.
Wonderful. That's the kind of explanation I am looking for to master the networking part of the BIG-IP. It is okay for the modules part, LTM and ASM for example, but when it comes to what is happening in the background from a networking point of view it is very complex and few colleagues are able to answer that for me; hopefully there are articles and videos like this one. Hope you could do more about this part, architectures maybe? Some SSL/TLS deep dive also, as it is a tricky part, but networking and SSL are the parts that I enjoy the most while working on BIG-IP. Thanks a lot.
Thanks for sharing this video, very easy to follow. I do have a question: for the send string, can I use a port other than 443, say 14000, for the service, and if yes, would the host part of the string be myway.com:14000/public/service Connection: Close?
Hey Steve! Can you explain to me, in failover, the difference between network failover and the failsafe? Because the first one doesn't track the ports' state (up/down), I'm forced to use failsafe to fail over in case of link failure. Is that a normal config, or did I not get the concept? Thank you.
Jucker, if you haven't found your answer yet, I recommend reading the solution articles on each function. However, at a high level, VLAN failsafe uses ARP at layer 2 to determine if communication is occurring over a specific VLAN. Gateway failsafe allows you to have a pool of servers at or beyond the default gateway to determine if it is able to route traffic. Network failover is more or less just heartbeat validation between devices in an HA pair. support.f5.com/csp/article/K13297 support.f5.com/csp/article/K15367 support.f5.com/csp/article/K75303031 support.f5.com/csp/article/K2397
Hello Steve, thank you for this video, I really appreciate it. I've got one query: in my environment I have got one service for which the nodes are showing as not available on BIG-IP. We have got everything set up on BIG-IP, we have got a send string and we configured a receive string of 200 OK, but it still marks the pool as down. When I run a curl command through the CLI it shows 200 OK for the application, but for some strange reason BIG-IP couldn't sync up with the servers. How do I determine whether the service is actually available and is indeed sending 200 OK back to BIG-IP? I have 2 servers, placed one at each data center, and have got BIG-IP load balancing the traffic between them. I have got other services running fine on BIG-IP, but this is the only service causing me pain, as I couldn't determine if it's an issue with BIG-IP or the server itself. Any help would be really appreciated. Thanks again for your time.
Hi Sam, I apologize for the delayed response. Have you done any captures on the pool members themselves to see the HTTP response codes they are sending when the monitor sends the request? Also, to narrow down your capture, remember health monitors use a self IP and not a SNAT IP. If using SNAT, the floating (SNAT) IP will be the client translated address, whereas the self IP does health monitoring and other system functions.
Hi James, sorry for the delayed response. You are right, I didn't get into the details on this since I was really just trying to keep it high level. With that, you ask a great question. The Unhandled Query action is when the query does not match a wide IP or a local zone. Below are the recommended settings for unhandled query actions. F5 recommends that you configure the Unhandled Query Actions setting in the DNS profile as follows: Use the Allow setting (default) if you want to load balance the requests to another authoritative DNS server in the environment, or to local BIND on a GTM-licensed system (if local BIND is enabled using the DNS profile). You should also use the Allow setting if the GTM system sends DNS queries to a pool of DNS resolvers. This setting is also required when DNS cache feature is set to Transparent. Use the Drop setting if the GTM-licensed system is configured as an external, authoritative DNS system. The Drop setting provides maximum protection and security for unmatched packets for systems processing external DNS queries. Use the Reject setting to return a REFUSED status for the DNS query. Use the Hint setting to return a list of the root name servers for the DNS query. Use the No Error setting to return a NOERROR status for the DNS query.
Hi Steve, great video. I have a question. In my scenario, my domain is mydomain.com and I want SSO for example.com. My client machine is part of mydomain.com and the site is on the internet. My question is: what should my ktpass syntax be for this kind of requirement? Should it be: 1- HTTP/example.com@mydomain.com -mapuser user@mydomain.com? OR 2- HTTP/example.com@example.com -mapuser user@mydomain.com? Please advise.